Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
moodle moodle 2.6.0 vulnerabilities and exploits
(subscribe to this query)
383
VMScore
CVE-2014-0217
enrol/index.php in Moodle 2.6.x prior to 2.6.3 does not check for the moodle/course:viewhiddencourses capability before listing hidden courses, which allows remote malicious users to obtain sensitive name and summary information about these courses by leveraging the guest role an...
Moodle Moodle 2.6.2
Moodle Moodle 2.6.0
Moodle Moodle 2.6.1
356
VMScore
CVE-2014-2572
mod/assign/externallib.php in Moodle 2.6.x prior to 2.6.2 does not properly handle assignment web-service parameters, which might allow remote authenticated users to modify grade metadata via unspecified vectors.
Moodle Moodle 2.6.0
Moodle Moodle 2.6.1
383
VMScore
CVE-2014-3547
Multiple cross-site scripting (XSS) vulnerabilities in badges/renderer.php in Moodle 2.5.x prior to 2.5.7, 2.6.x prior to 2.6.4, and 2.7.x prior to 2.7.1 allow remote malicious users to inject arbitrary web script or HTML via an external badge.
Moodle Moodle 2.5.0
Moodle Moodle 2.5.1
Moodle Moodle 2.5.2
Moodle Moodle 2.5.3
Moodle Moodle 2.5.4
Moodle Moodle 2.6.3
Moodle Moodle 2.6.0
Moodle Moodle 2.6.2
Moodle Moodle 2.5.6
Moodle Moodle 2.6.1
Moodle Moodle 2.7.0
Moodle Moodle 2.5.5
445
VMScore
CVE-2014-9060
The LTI module in Moodle up to and including 2.4.11, 2.5.x prior to 2.5.9, 2.6.x prior to 2.6.6, and 2.7.x prior to 2.7.3 does not properly restrict the parameters used in a return URL, which allows remote malicious users to trigger the generation of arbitrary messages via a modi...
Moodle Moodle 2.6.0
Moodle Moodle 2.6.1
Moodle Moodle 2.6.2
Moodle Moodle 2.6.3
Moodle Moodle 2.5.8
Moodle Moodle 2.5.7
Moodle Moodle 2.5.6
Moodle Moodle 2.5.5
Moodle Moodle 2.5.4
Moodle Moodle 2.7.2
Moodle Moodle
Moodle Moodle 2.5.2
Moodle Moodle 2.5.0
Moodle Moodle 2.6.4
Moodle Moodle 2.7.0
Moodle Moodle 2.5.3
Moodle Moodle 2.5.1
Moodle Moodle 2.6.5
Moodle Moodle 2.7.1
312
VMScore
CVE-2014-7830
Cross-site scripting (XSS) vulnerability in mod/feedback/mapcourse.php in the Feedback module in Moodle up to and including 2.4.11, 2.5.x prior to 2.5.9, 2.6.x prior to 2.6.6, and 2.7.x prior to 2.7.3 allows remote authenticated users to inject arbitrary web script or HTML by lev...
Moodle Moodle 2.5.4
Moodle Moodle 2.5.3
Moodle Moodle 2.5.2
Moodle Moodle 2.5.1
Moodle Moodle
Moodle Moodle 2.6.3
Moodle Moodle 2.6.4
Moodle Moodle 2.6.5
Moodle Moodle 2.7.0
Moodle Moodle 2.5.7
Moodle Moodle 2.5.5
Moodle Moodle 2.5.0
Moodle Moodle 2.6.1
Moodle Moodle 2.7.2
Moodle Moodle 2.5.8
Moodle Moodle 2.5.6
Moodle Moodle 2.6.0
Moodle Moodle 2.6.2
Moodle Moodle 2.7.1
187
VMScore
CVE-2014-7835
webservice/upload.php in Moodle 2.6.x prior to 2.6.6 and 2.7.x prior to 2.7.3 does not ensure that a file upload is for a private or draft area, which allows remote authenticated users to upload files containing JavaScript, and consequently conduct cross-site scripting (XSS) atta...
Moodle Moodle 2.5.3
Moodle Moodle 2.5.2
Moodle Moodle 2.5.1
Moodle Moodle 2.5.0
Moodle Moodle
Moodle Moodle 2.5.8
Moodle Moodle 2.6.4
Moodle Moodle 2.6.5
Moodle Moodle 2.7.0
Moodle Moodle 2.7.1
Moodle Moodle 2.5.6
Moodle Moodle 2.5.4
Moodle Moodle 2.6.0
Moodle Moodle 2.6.2
Moodle Moodle 2.5.7
Moodle Moodle 2.5.5
Moodle Moodle 2.6.1
Moodle Moodle 2.6.3
Moodle Moodle 2.7.2
605
VMScore
CVE-2014-7838
Multiple cross-site request forgery (CSRF) vulnerabilities in the Forum module in Moodle up to and including 2.4.11, 2.5.x prior to 2.5.9, 2.6.x prior to 2.6.6, and 2.7.x prior to 2.7.3 allow remote malicious users to hijack the authentication of arbitrary users for requests that...
Moodle Moodle 2.6.3
Moodle Moodle 2.6.4
Moodle Moodle 2.6.5
Moodle Moodle 2.7.0
Moodle Moodle 2.5.5
Moodle Moodle 2.5.4
Moodle Moodle 2.5.3
Moodle Moodle 2.5.2
Moodle Moodle 2.5.1
Moodle Moodle
Moodle Moodle 2.5.7
Moodle Moodle 2.5.0
Moodle Moodle 2.6.1
Moodle Moodle 2.7.2
Moodle Moodle 2.5.8
Moodle Moodle 2.5.6
Moodle Moodle 2.6.0
Moodle Moodle 2.6.2
Moodle Moodle 2.7.1
668
VMScore
CVE-2014-7845
The generate_password function in Moodle up to and including 2.4.11, 2.5.x prior to 2.5.9, 2.6.x prior to 2.6.6, and 2.7.x prior to 2.7.3 does not provide a sufficient number of possible temporary passwords, which allows remote malicious users to obtain access via a brute-force a...
Moodle Moodle 2.5.0
Moodle Moodle 2.6.0
Moodle Moodle 2.6.1
Moodle Moodle 2.6.2
Moodle Moodle 2.6.3
Moodle Moodle 2.5.8
Moodle Moodle 2.5.7
Moodle Moodle 2.5.6
Moodle Moodle 2.5.5
Moodle Moodle 2.7.2
Moodle Moodle
Moodle Moodle 2.5.4
Moodle Moodle 2.5.2
Moodle Moodle 2.6.4
Moodle Moodle 2.7.0
Moodle Moodle 2.5.3
Moodle Moodle 2.5.1
Moodle Moodle 2.6.5
Moodle Moodle 2.7.1
356
VMScore
CVE-2014-7846
tag/tag_autocomplete.php in Moodle up to and including 2.4.11, 2.5.x prior to 2.5.9, 2.6.x prior to 2.6.6, and 2.7.x prior to 2.7.3 does not consider the moodle/tag:edit capability before adding a tag, which allows remote authenticated users to bypass intended access restrictions...
Moodle Moodle 2.5.3
Moodle Moodle 2.5.2
Moodle Moodle 2.5.1
Moodle Moodle 2.5.0
Moodle Moodle
Moodle Moodle 2.5.8
Moodle Moodle 2.6.5
Moodle Moodle 2.7.0
Moodle Moodle 2.7.1
Moodle Moodle 2.7.2
Moodle Moodle 2.5.6
Moodle Moodle 2.5.4
Moodle Moodle 2.6.0
Moodle Moodle 2.6.2
Moodle Moodle 2.6.4
Moodle Moodle 2.5.7
Moodle Moodle 2.5.5
Moodle Moodle 2.6.1
Moodle Moodle 2.6.3
445
VMScore
CVE-2014-7848
lib/phpunit/bootstrap.php in Moodle 2.6.x prior to 2.6.6 and 2.7.x prior to 2.7.3 allows remote malicious users to obtain sensitive information via a direct request, which reveals the full path in an error message.
Moodle Moodle
Moodle Moodle 2.5.8
Moodle Moodle 2.5.7
Moodle Moodle 2.5.6
Moodle Moodle 2.7.0
Moodle Moodle 2.7.1
Moodle Moodle 2.7.2
Moodle Moodle 2.5.1
Moodle Moodle 2.5.0
Moodle Moodle 2.6.0
Moodle Moodle 2.6.1
Moodle Moodle 2.5.5
Moodle Moodle 2.5.3
Moodle Moodle 2.6.3
Moodle Moodle 2.6.5
Moodle Moodle 2.5.4
Moodle Moodle 2.5.2
Moodle Moodle 2.6.2
Moodle Moodle 2.6.4
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3201
CVE-2024-4779
CVE-2024-35090
CVE-2024-5084
hard-coded
CVE-2024-4985
HTML injection
CVE-2024-33655
local file inclusion
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »